Tuesday, November 15, 2005

More Problems with Sony XCP

Alex
Halderman and I have confirmed that Sony’s Web-based XCP
uninstallation
utility exposes users to serious security risk. Under at least some
circumstances, running Sony’s Web-based uninstaller opens a
huge
security hole on your computer. We have a working demonstration
exploit.

We are working furiously to nail down the details and will
report our results here as soon as we can.

In the meantime, we recommend strongly against downloading
or running Sony’s Web-based XCP uninstaller.

UPDATE:
If you’re technically sophisticated, and you have run the XCP
uninstaller on your computer, you may be able to help us in our
investigations. It won’t take long. Please contact Alex
to volunteer. Thanks.

The link below goes to a dummy account that automatically forwards email to the Federal Trade Commission's spam reporting service. Don't use it unless
you are a robot. Instead, act like a human and figure out the real address from this: joseph/dot/j7uy5/at-sign/gmail/dot/com

The Corpus Callosum is an occasional journal of armchair musings, by an Ann Arbor reality-based, slightly-left-of-center regular guy who reserves the right to be highly irregular at times.
Topics: social commentary, neuroscience, politics, science news.
Mission: to develop connections between hard science and social science, using linear thinking and intuition; and to explore the relative merits of spontaneity vs. strategy.